From e9fedf3e5cd63aea4da7a71f6647ee427c62fa49 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 5 Dec 2015 20:31:27 -0500
Subject: Rewrite of the authentication and authorization system

---
 .../Core/Security/AuthenticationManagerTest.php    | 150 +++++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100644 tests/units/Core/Security/AuthenticationManagerTest.php

(limited to 'tests/units/Core/Security/AuthenticationManagerTest.php')

diff --git a/tests/units/Core/Security/AuthenticationManagerTest.php b/tests/units/Core/Security/AuthenticationManagerTest.php
new file mode 100644
index 00000000..c2369626
--- /dev/null
+++ b/tests/units/Core/Security/AuthenticationManagerTest.php
@@ -0,0 +1,150 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\Http\Request;
+use Kanboard\Core\Security\AuthenticationManager;
+use Kanboard\Auth\DatabaseAuth;
+use Kanboard\Auth\TotpAuth;
+use Kanboard\Auth\ReverseProxyAuth;
+
+class AuthenticationManagerTest extends Base
+{
+    public function testRegister()
+    {
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new DatabaseAuth($this->container));
+        $provider = $authManager->getProvider('Database');
+
+        $this->assertInstanceOf('Kanboard\Core\Security\AuthenticationProviderInterface', $provider);
+    }
+
+    public function testGetProviderNotFound()
+    {
+        $authManager = new AuthenticationManager($this->container);
+        $this->setExpectedException('LogicException');
+        $authManager->getProvider('Dababase');
+    }
+
+    public function testGetPostProviderNotFound()
+    {
+        $authManager = new AuthenticationManager($this->container);
+        $this->setExpectedException('LogicException');
+        $authManager->getPostAuthenticationProvider();
+    }
+
+    public function testGetPostProvider()
+    {
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new TotpAuth($this->container));
+        $provider = $authManager->getPostAuthenticationProvider();
+
+        $this->assertInstanceOf('Kanboard\Core\Security\PostAuthenticationProviderInterface', $provider);
+    }
+
+    public function testCheckSessionWhenNobodyIsLogged()
+    {
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new DatabaseAuth($this->container));
+
+        $this->assertFalse($this->container['userSession']->isLogged());
+        $this->assertTrue($authManager->checkCurrentSession());
+    }
+
+    public function testCheckSessionWhenSomeoneIsLogged()
+    {
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new DatabaseAuth($this->container));
+
+        $this->container['sessionStorage']->user = array('id' => 1);
+
+        $this->assertTrue($this->container['userSession']->isLogged());
+        $this->assertTrue($authManager->checkCurrentSession());
+    }
+
+    public function testCheckSessionWhenNotValid()
+    {
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new DatabaseAuth($this->container));
+
+        $this->container['sessionStorage']->user = array('id' => 2);
+
+        $this->assertTrue($this->container['userSession']->isLogged());
+        $this->assertFalse($authManager->checkCurrentSession());
+        $this->assertFalse($this->container['userSession']->isLogged());
+    }
+
+    public function testPreAuthenticationSuccessful()
+    {
+        $this->container['request'] = new Request($this->container, array(REVERSE_PROXY_USER_HEADER => 'admin'));
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess'));
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure'));
+
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new ReverseProxyAuth($this->container));
+
+        $this->assertTrue($authManager->preAuthentication());
+
+        $called = $this->container['dispatcher']->getCalledListeners();
+        $this->assertArrayHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called);
+        $this->assertArrayNotHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called);
+    }
+
+    public function testPreAuthenticationFailed()
+    {
+        $this->container['request'] = new Request($this->container, array(REVERSE_PROXY_USER_HEADER => ''));
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess'));
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure'));
+
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new ReverseProxyAuth($this->container));
+
+        $this->assertFalse($authManager->preAuthentication());
+
+        $called = $this->container['dispatcher']->getCalledListeners();
+        $this->assertArrayNotHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called);
+        $this->assertArrayNotHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called);
+    }
+
+    public function testPasswordAuthenticationSuccessful()
+    {
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess'));
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure'));
+
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new DatabaseAuth($this->container));
+
+        $this->assertTrue($authManager->passwordAuthentication('admin', 'admin'));
+
+        $called = $this->container['dispatcher']->getCalledListeners();
+        $this->assertArrayHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called);
+        $this->assertArrayNotHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called);
+    }
+
+    public function testPasswordAuthenticationFailed()
+    {
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_SUCCESS, array($this, 'onSuccess'));
+        $this->container['dispatcher']->addListener(AuthenticationManager::EVENT_FAILURE, array($this, 'onFailure'));
+
+        $authManager = new AuthenticationManager($this->container);
+        $authManager->register(new DatabaseAuth($this->container));
+
+        $this->assertFalse($authManager->passwordAuthentication('admin', 'wrong password'));
+
+        $called = $this->container['dispatcher']->getCalledListeners();
+        $this->assertArrayNotHasKey(AuthenticationManager::EVENT_SUCCESS.'.AuthenticationManagerTest::onSuccess', $called);
+        $this->assertArrayHasKey(AuthenticationManager::EVENT_FAILURE.'.AuthenticationManagerTest::onFailure', $called);
+    }
+
+    public function onSuccess($event)
+    {
+        $this->assertInstanceOf('Kanboard\Event\AuthSuccessEvent', $event);
+        $this->assertTrue(in_array($event->getAuthType(), array('Database', 'ReverseProxy')));
+    }
+
+    public function onFailure($event)
+    {
+        $this->assertInstanceOf('Kanboard\Event\AuthFailureEvent', $event);
+        $this->assertEquals('admin', $event->getUsername());
+    }
+}
-- 
cgit v1.2.3